Slackware Security Advisories (sigurnosne nadogradnje)

Novosti u vezi Slackware Linuxa

Moderator: Urednik

Locked

Administrator
Administrator
offline
User avatar

Posts: 2491
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 27 Oct 2017, 08:45


23.10.2017.

Sveži curl paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/curl-7.56.1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  IMAP FETCH response out of bounds read may cause a crash or information leak.
  For more information, see:
    https://curl.haxx.se/docs/adv_20171023.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2491
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 27 Oct 2017, 08:45


25.10.2017.

Sveži irssi paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/irssi-1.0.5-i586-1_slack14.2.txz:  Upgraded.
  This update fixes some remote denial of service issues.
  For more information, see:
    https://irssi.org/security/irssi_sa_2017_10.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15227
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15721
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15723
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15722
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2491
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 29 Oct 2017, 01:32


27.10.2017.

Sveži wget paketi za Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/wget-1.19.2-i586-1_slack14.2.txz:  Upgraded.
  This update fixes stack and heap overflows in in HTTP protocol handling.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13090
  (* Security fix *)
Sveži php paketi za Slackware 14.0, 14.1, 14.2 i -current:

Code: Select all

patches/packages/php-5.6.32-i586-1_slack14.2.txz:  Upgraded.
  Several security bugs were fixed in this release:
  Out of bounds read in timelib_meridian().
  The arcfour encryption stream filter crashes PHP.
  Applied upstream patch for PCRE (CVE-2016-1283).
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2491
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 04 Nov 2017, 20:19


02.11.2017.

Sveži mariadb paketi za Slackware 14.1, 14.2 i -current:

Code: Select all

patches/packages/mariadb-10.0.33-i586-1_slack14.2.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://jira.mariadb.org/browse/MDEV-13819
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
  (* Security fix *)
Sveži openssl paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/openssl-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  There is a carry propagating bug in the x64 Montgomery squaring procedure.
  No EC algorithms are affected. Analysis suggests that attacks against RSA
  and DSA as a result of this defect would be very difficult to perform and
  are not believed likely. Attacks against DH are considered just feasible
  (although very difficult) because most of the work necessary to deduce
  information about a private key may be performed offline. The amount of
  resources required for such an attack would be very significant and likely
  only accessible to a limited number of attackers. An attacker would
  additionally need online access to an unpatched system using the target
  private key in a scenario with persistent DH parameters and a private
  key that is shared between multiple clients.
  This only affects processors that support the BMI1, BMI2 and ADX extensions
  like Intel Broadwell (5th generation) and later or AMD Ryzen.
  For more information, see:
    https://www.openssl.org/news/secadv/20171102.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2m-i586-1_slack14.2.txz:  Upgraded.
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2491
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 17 Nov 2017, 17:32


16.11.2017.

Sveži mozilla-firefox i libplist paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/mozilla-firefox-52.5.0esr-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
  (* Security fix *)

Code: Select all

patches/packages/libplist-2.0.0-i586-1_slack14.2.txz:  Upgraded.
  This update fixes several security issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6440
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6439
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6438
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6437
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6436
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6435
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5836
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5835
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5834
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”



Administrator
Administrator
offline
User avatar

Posts: 2491
Joined: 01 Apr 2012, 13:50
Location: Mlečni put

Post Napisano: 21 Nov 2017, 16:21


20.11.2017.

Sveži libtiff paketi za Slackware 14.2 i -current:

Code: Select all

patches/packages/libtiff-4.0.9-i586-1_slack14.2.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
  (* Security fix *)
Use the source, Luke
SSZ irc kanal
Spread the Word, “CHOOSE SLACK! and Don’t look back.”


Locked

Who is online

Users browsing this forum: No registered users and 2 guests